does isc dhcp 4.2.3 support blocking client which send many
Jeff Waller
jeffw at cnxntech.com
Wed Mar 7 18:36:42 UTC 2012
Would have to be augmented beyond simple requests as illustrated below to also inspect
the packet for the mac address. May be direct support in iptables and/or the support modules or could
ultimately call out to an external program (snarf?).
Another (1 minute this time) google, not sure about applicability (keywords deep packet inspection)
http://l7-filter.sourceforge.net/HOWTO
On Mar 7, 2012, at 1:19 PM, perl-list wrote:
I'm not thinking that would work in the case of a relay agent - These packets would all appear to come from the relay agent and the relay agent would get blocked, not the end-user device.
________________________________
From: "Jeff Waller" <jeffw at cnxntech.com>
To: "Users of ISC DHCP" <dhcp-users at lists.isc.org>
Sent: Wednesday, March 7, 2012 1:12:39 PM
Subject: Re: does isc dhcp 4.2.3 support blocking client which send many
On Mar 7, 2012, at 10:52 AM, Simon Hobson wrote:
> Martin McCormick wrote:
>
>> A good mechanism for controlling insane systems
>> might be to read time intervals between each MAC address contact
>> and start ignoring anybody who has contacted DHCPD more than X
>> number of times in X number of seconds.
>
> Which is the sort of task Logwatch was written for. Anyone know if
> any DHCP filters/actions have been written for it ?
>
> However, that won't work for devices behind a relay agent. And
> someone said that iptables doesn't work either.
IP tables can be made to work. Someone is being dumb.
Here's a link from 5m of google;
http://www.wjunction.com/48-technical-security-tutorials/107901-linux-ddos-protection.html
http://www.infond.fr/2010/04/basics-6-tutorial-firewall-iptables.html
From the 2nd source, seems approximately the same;
#9 allow 5 TCP connexion attempts
# with 2 per minute frequency
#iptables -A INPUT -m state --state NEW -m recent --set
#iptables -A INPUT -m state --state NEW -m recent --update --hitcount 6 -j DROP
#iptables -A INPUT -m state --state NEW -m recent --update --seconds 60 --hitcount 3 -j DROP
>
> --
> Simon Hobson
>
> Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
> author Gladys Hobson. Novels - poetry - short stories - ideal as
> Christmas stocking fillers. Some available as e-books.
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
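Added example, not part of the original thread or of ISC DHCP: one way to apply the "more than X contacts in X seconds per MAC" idea to dhcpd's syslog output, keyed on the client hardware address so that clients behind a relay agent are counted individually rather than as the relay. The log lines, host name, addresses and the function name noisy_clients are constructed for illustration; the thresholds are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# dhcpd logs "DHCPDISCOVER from <mac> via <interface-or-relay>" and
# "DHCPREQUEST for <ip> from <mac> via <interface-or-relay>".
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sdhcpd(?:\[\d+\])?:\s"
    r"DHCP(?:DISCOVER|REQUEST)\b.*?\bfrom\s"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b.*?\bvia\s(?P<via>\S+)",
    re.I)

def noisy_clients(lines, max_hits=3, window=60, year=2012):
    """Return {mac: via} for MACs with more than max_hits requests inside
    any `window` seconds. Assumes time-ordered input; syslog timestamps
    carry no year, so one is supplied by the caller."""
    recent = defaultdict(deque)   # mac -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue              # not a DISCOVER/REQUEST line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        mac = m["mac"].lower()
        q = recent[mac]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window:
            q.popleft()           # drop contacts older than the window
        if len(q) > max_hits:
            flagged.setdefault(mac, m["via"])
    return flagged

# Constructed sample: two clients behind relay 10.20.0.1, one on eth0.
SAMPLE = [
    "Mar  7 18:30:00 dhcp1 dhcpd: DHCPDISCOVER from 00:16:3e:00:00:03 via eth0",
    "Mar  7 18:30:01 dhcp1 dhcpd: DHCPDISCOVER from 00:16:3e:00:00:01 via 10.20.0.1",
    "Mar  7 18:30:02 dhcp1 dhcpd: DHCPDISCOVER from 00:16:3e:00:00:02 via 10.20.0.1",
    "Mar  7 18:30:03 dhcp1 dhcpd: DHCPREQUEST for 10.20.0.50 from 00:16:3e:00:00:02 via 10.20.0.1",
    "Mar  7 18:30:05 dhcp1 dhcpd: DHCPDISCOVER from 00:16:3e:00:00:01 via 10.20.0.1",
    "Mar  7 18:30:09 dhcp1 dhcpd: DHCPDISCOVER from 00:16:3e:00:00:01 via 10.20.0.1",
    "Mar  7 18:30:13 dhcp1 dhcpd: DHCPDISCOVER from 00:16:3e:00:00:01 via 10.20.0.1",
    "Mar  7 18:30:17 dhcp1 dhcpd: DHCPDISCOVER from 00:16:3e:00:00:01 via 10.20.0.1",
    "Mar  7 18:31:10 dhcp1 dhcpd: DHCPDISCOVER from 00:16:3e:00:00:03 via eth0",
    "Mar  7 18:32:20 dhcp1 dhcpd: DHCPDISCOVER from 00:16:3e:00:00:03 via eth0",
    "Mar  7 18:33:30 dhcp1 dhcpd: DHCPDISCOVER from 00:16:3e:00:00:03 via eth0",
]

if __name__ == "__main__":
    for mac, via in noisy_clients(SAMPLE).items():
        print(f"{mac} exceeded the rate limit (seen via {via})")
```

The flagged MAC is the value dhcpd logged from the packet, so a client that changes its hardware address on every request is counted as many separate clients.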